--- # Source: datadog/templates/secret-api-key.yaml apiVersion: v1 kind: Secret metadata: name: datadog namespace: default labels: {} type: Opaque data: api-key: PUT_YOUR_BASE64_ENCODED_API_KEY_HERE --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 kind: ConfigMap metadata: name: datadog-cluster-agent-confd namespace: default labels: {} annotations: {} data: kubernetes_state_core.yaml.default: |- init_config: instances: - collectors: - secrets - nodes - pods - services - resourcequotas - replicationcontrollers - limitranges - persistentvolumeclaims - persistentvolumes - namespaces - endpoints - daemonsets - deployments - replicasets - statefulsets - cronjobs - jobs - horizontalpodautoscalers - poddisruptionbudgets - storageclasses - volumeattachments - ingresses labels_as_tags: {} annotations_as_tags: {} --- # Source: datadog/templates/install_info-configmap.yaml apiVersion: v1 kind: ConfigMap metadata: name: datadog-installinfo namespace: default labels: {} annotations: {} data: install_info: | --- install_method: tool: kubernetes sample manifests tool_version: kubernetes sample manifests installer_version: kubernetes sample manifests --- # Source: datadog/templates/kube-state-metrics-core-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: {} name: datadog-ksm-core rules: - apiGroups: - "" resources: - secrets - nodes - pods - services - resourcequotas - replicationcontrollers - limitranges - persistentvolumeclaims - persistentvolumes - namespaces - endpoints - events verbs: - list - watch - apiGroups: - extensions resources: - daemonsets - deployments - replicasets verbs: - list - watch - apiGroups: - apps resources: - statefulsets - daemonsets - deployments - replicasets verbs: - list - watch - apiGroups: - batch resources: - cronjobs - jobs verbs: - list - watch - apiGroups: - autoscaling resources: - horizontalpodautoscalers verbs: - list - watch - apiGroups: - policy resources: - poddisruptionbudgets verbs: - list - watch - apiGroups: - storage.k8s.io resources: - storageclasses - volumeattachments verbs: - list - watch - apiGroups: - networking.k8s.io resources: - ingresses verbs: - list - watch - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - list - watch --- # Source: datadog/templates/kube-state-metrics-core-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: {} name: datadog-ksm-core roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: datadog-ksm-core subjects: - kind: ServiceAccount name: datadog-cluster-agent namespace: default --- # Source: datadog/templates/daemonset.yaml apiVersion: apps/v1 kind: DaemonSet metadata: name: datadog namespace: default labels: {} spec: revisionHistoryLimit: 10 selector: matchLabels: app: datadog template: metadata: labels: app: datadog name: datadog annotations: {} spec: securityContext: runAsUser: 0 hostPID: true containers: - name: agent image: "gcr.io/datadoghq/agent:7.45.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] resources: {} ports: - containerPort: 8125 name: dogstatsdport protocol: UDP env: # Needs to be removed when Agent N-2 is built with Golang 1.17 - name: GODEBUG value: x509ignoreCN=0 - name: DD_API_KEY valueFrom: secretKeyRef: name: "datadog" key: api-key - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - name: KUBERNETES value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: fieldPath: status.hostIP - name: DD_LOG_LEVEL value: "INFO" - name: DD_DOGSTATSD_PORT value: "8125" - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC value: "true" - name: DD_DOGSTATSD_TAG_CARDINALITY value: "low" - name: DD_LEADER_ELECTION value: "true" - name: DD_COLLECT_KUBERNETES_EVENTS value: "true" - name: DD_APM_ENABLED value: "false" - name: DD_LOGS_ENABLED value: "true" - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL value: "true" - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE value: "true" - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION value: "false" - name: DD_HEALTH_PORT value: "5555" - name: DD_DOGSTATSD_SOCKET value: "/var/run/datadog/dsd.socket" - name: DD_IGNORE_AUTOCONF value: "kubernetes_state" - name: DD_EXPVAR_PORT value: "6000" volumeMounts: - name: installinfo subPath: install_info mountPath: /etc/datadog-agent/install_info readOnly: true - name: logdatadog mountPath: /var/log/datadog readOnly: false # Need RW to write logs - name: tmpdir mountPath: /tmp readOnly: false # Need RW to write to /tmp directory - name: os-release-file mountPath: /host/etc/os-release mountPropagation: None readOnly: true - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW to mount to config path - name: auth-token mountPath: /etc/datadog-agent/auth readOnly: false # Need RW to write auth token - name: runtimesocketdir mountPath: /host/var/run mountPropagation: None readOnly: true - name: dsdsocket mountPath: /var/run/datadog readOnly: false - name: procdir mountPath: /host/proc mountPropagation: None readOnly: true - name: cgroups mountPath: /host/sys/fs/cgroup mountPropagation: None readOnly: true - name: pointerdir mountPath: /opt/datadog-agent/run mountPropagation: None readOnly: false # Need RW for logs pointer - name: logpodpath mountPath: /var/log/pods mountPropagation: None readOnly: true - name: logscontainerspath mountPath: /var/log/containers mountPropagation: None readOnly: true - name: logdockercontainerpath mountPath: /var/lib/docker/containers mountPropagation: None readOnly: true livenessProbe: failureThreshold: 6 httpGet: path: /live port: 5555 scheme: HTTP initialDelaySeconds: 15 periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 readinessProbe: failureThreshold: 6 httpGet: path: /ready port: 5555 scheme: HTTP initialDelaySeconds: 15 periodSeconds: 15 successThreshold: 1 timeoutSeconds: 5 - name: trace-agent image: "gcr.io/datadoghq/agent:7.45.0" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: {} ports: - containerPort: 8126 hostPort: 8126 name: traceport protocol: TCP env: # Needs to be removed when Agent N-2 is built with Golang 1.17 - name: GODEBUG value: x509ignoreCN=0 - name: DD_API_KEY valueFrom: secretKeyRef: name: "datadog" key: api-key - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - name: KUBERNETES value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: fieldPath: status.hostIP - name: DD_CLUSTER_AGENT_ENABLED value: "false" - name: DD_LOG_LEVEL value: "INFO" - name: DD_APM_ENABLED value: "true" - name: DD_APM_NON_LOCAL_TRAFFIC value: "true" - name: DD_APM_RECEIVER_PORT value: "8126" - name: DD_APM_RECEIVER_SOCKET value: "/var/run/datadog/apm.socket" - name: DD_DOGSTATSD_SOCKET value: "/var/run/datadog/dsd.socket" volumeMounts: - name: config mountPath: /etc/datadog-agent readOnly: true - name: auth-token mountPath: /etc/datadog-agent/auth readOnly: true - name: procdir mountPath: /host/proc mountPropagation: None readOnly: true - name: cgroups mountPath: /host/sys/fs/cgroup mountPropagation: None readOnly: true - name: logdatadog mountPath: /var/log/datadog readOnly: false # Need RW to write logs - name: tmpdir mountPath: /tmp readOnly: false # Need RW for tmp directory - name: dsdsocket mountPath: /var/run/datadog readOnly: false # Need RW for UDS DSD socket - name: runtimesocketdir mountPath: /host/var/run mountPropagation: None readOnly: true livenessProbe: initialDelaySeconds: 15 periodSeconds: 15 tcpSocket: port: 8126 timeoutSeconds: 5 initContainers: - name: init-volume image: "gcr.io/datadoghq/agent:7.45.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: - cp -r /etc/datadog-agent /opt volumeMounts: - name: config mountPath: /opt/datadog-agent readOnly: false # Need RW for config path resources: {} - name: init-config image: "gcr.io/datadoghq/agent:7.45.0" imagePullPolicy: IfNotPresent command: - bash - -c args: - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done volumeMounts: - name: logdatadog mountPath: /var/log/datadog readOnly: false # Need RW to write logs - name: config mountPath: /etc/datadog-agent readOnly: false # Need RW for config path - name: procdir mountPath: /host/proc mountPropagation: None readOnly: true - name: runtimesocketdir mountPath: /host/var/run mountPropagation: None readOnly: true env: # Needs to be removed when Agent N-2 is built with Golang 1.17 - name: GODEBUG value: x509ignoreCN=0 - name: DD_API_KEY valueFrom: secretKeyRef: name: "datadog" key: api-key - name: DD_AUTH_TOKEN_FILE_PATH value: /etc/datadog-agent/auth/token - name: KUBERNETES value: "yes" - name: DD_KUBERNETES_KUBELET_HOST valueFrom: fieldRef: fieldPath: status.hostIP - name: DD_LEADER_ELECTION value: "true" resources: {} volumes: - name: auth-token emptyDir: {} - name: installinfo configMap: name: datadog-installinfo - name: config emptyDir: {} - name: logdatadog emptyDir: {} - name: tmpdir emptyDir: {} - hostPath: path: /proc name: procdir - hostPath: path: /sys/fs/cgroup name: cgroups - hostPath: path: /etc/os-release name: os-release-file - hostPath: path: /var/run/datadog/ type: DirectoryOrCreate name: dsdsocket - hostPath: path: /var/run/datadog/ type: DirectoryOrCreate name: apmsocket - name: s6-run emptyDir: {} - hostPath: path: /var/lib/datadog-agent/logs name: pointerdir - hostPath: path: /var/log/pods name: logpodpath - hostPath: path: /var/log/containers name: logscontainerspath - hostPath: path: /var/lib/docker/containers name: logdockercontainerpath - hostPath: path: /var/run name: runtimesocketdir tolerations: affinity: {} serviceAccountName: "datadog-agent" nodeSelector: kubernetes.io/os: linux updateStrategy: rollingUpdate: maxUnavailable: 10% type: RollingUpdate